🎉 Add fix_available information to jfrog (#13115)

manuel-sommer · web-flow · commit 7d3b99993d75 · 2025-09-05T14:30:16.000-05:00
diff --git a/dojo/tools/jfrogxray/parser.py b/dojo/tools/jfrogxray/parser.py
@@ -76,6 +76,7 @@ def get_item(vulnerability, test):
     cvssv3 = None
     cvss_v3 = "No CVSS v3 score."
     mitigation = None
+    fix_available = False
     extra_desc = ""
     # Some entries have no CVE entries, despite they exist. Example
     # CVE-2017-1000502.
@@ -95,6 +96,7 @@ def get_item(vulnerability, test):
         mitigation += "\n".join(
             vulnerability["component_versions"]["fixed_versions"],
         )
+        fix_available = True
 
     if "vulnerable_versions" in vulnerability["component_versions"]:
         extra_desc = "\n**Versions that are vulnerable:**\n"
@@ -160,6 +162,7 @@ def get_item(vulnerability, test):
         static_finding=True,
         dynamic_finding=False,
         cvssv3=cvssv3,
+        fix_available=fix_available,
     )
     if vulnerability_ids:
         finding.unsaved_vulnerability_ids = vulnerability_ids
diff --git a/unittests/tools/test_jfrogxray_parser.py b/unittests/tools/test_jfrogxray_parser.py
@@ -17,6 +17,7 @@ def test_parse_file_with_one_vuln(self):
         self.assertEqual(1, len(item.unsaved_vulnerability_ids))
         self.assertEqual("CVE-2018-14600", item.unsaved_vulnerability_ids[0])
         self.assertEqual(787, item.cwe)
+        self.assertEqual(True, item.fix_available)
 
     def test_parse_file_with_many_vulns(self):
         testfile = (get_unit_tests_scans_path("jfrogxray") / "many_vulns.json").open(encoding="utf-8")
